Method and apparatus for performing secure Bluetooth communication

ABSTRACT

A method for performing secure Bluetooth communication between a vehicle terminal and a user terminal is provided. The method includes: transmitting a user terminal inverse certificate request message to an authority server; receiving a message from the authority server in response to the transmission of the user terminal inverse certificate request message; obtaining a user terminal inverse certificate from the message received from the authority server; receiving a vehicle terminal inverse certificate from the user terminal in exchange for the user terminal inverse certificate; validating the vehicle terminal inverse certificate; pairing with the user terminal when the vehicle terminal inverse certificate is validated; and performing Bluetooth communication with the paired user terminal.

TECHNICAL FIELD

The present disclosure relates to a method and an apparatus forperforming secure Bluetooth communication.

BACKGROUND

Recently, Bluetooth communication between a vehicle terminal and a userterminal, such as a smart phone, has been widely utilized, such asplaying a playlist of songs stored on the smart phone through thevehicle's audio stereo system, or providing a voice call through avehicle speaker. As long as security is ensured in Bluetoothcommunication, the vehicle terminal will be able to utilize additionalinformation via the smart phone, such as personal information forproviding customized services to users in their vehicles, whichotherwise would not be available. Therefore, it is necessary to ensuresecurity in the Bluetooth communication between the vehicle terminal andthe smart phone.

SUMMARY

Accordingly, the present disclosure has been made to solve theabove-mentioned problems occurring in the related art while advantagesachieved by the related art are maintained intact.

One object to be achieved by the present disclosure is to provide amethod and an apparatus for performing secure Bluetooth communication.Another object to be achieved by the present disclosure is to provide acomputer readable recording medium in which a program for allowing acomputer to execute the method is recorded. The technical problem to besolved by embodiments of the present disclosure is not limited to thetechnical problems as described above, and therefore other technicalproblems may be solved.

According to embodiments of the present disclosure, a method forperforming secure Bluetooth communication includes: transmitting, by avehicle terminal, a user terminal inverse certificate request message toan authority server; receiving, at the vehicle terminal, a message fromthe authority server in response to the transmission of the userterminal inverse certificate request message; obtaining, by the vehicleterminal, a user terminal inverse certificate from the message receivedfrom the authority server; receiving, at the vehicle terminal, a vehicleterminal inverse certificate in exchange for the user terminal inversecertificate from the user terminal; validating, by the vehicle terminal,the vehicle terminal inverse certificate; pairing, by the vehicleterminal, with the user terminal when the vehicle terminal inversecertificate is validated, and performing, by the vehicle terminal,Bluetooth communication with the paired user terminal.

Furthermore, according to embodiments of the present disclosure, avehicle terminal includes: a communication unit configured tocommunicate with an authority server; a validation unit configured totransmit a user terminal inverse certificate request message to theauthority server through the communication interface, obtain a userterminal inverse certificate from a message received from the authorityserver in response to the transmitted user terminal inverse certificaterequest message, and validate a vehicle terminal inverse certificatereceived in exchange for the user terminal inverse certificate from theuser terminal; and a Bluetooth communication unit configured to pairwith the user terminal when the vehicle terminal inverse certificate isvalidated, and perform Bluetooth communication with the paired userterminal.

Furthermore, according to embodiments of the present disclosure, anon-transitory computer readable recording medium containing programinstructions for performing secure Bluetooth communication between avehicle terminal and a user terminal includes: program instructions thattransmit a user terminal inverse certificate request message to anauthority server; program instructions that receive a message from theauthority server in response to the transmission of the user terminalinverse certificate request message; program instructions that obtain auser terminal inverse certificate from the message received from theauthority server; program instructions that receive a vehicle terminalinverse certificate from the user terminal in exchange for the userterminal inverse certificate; program instructions that validate thevehicle terminal inverse certificate; program instructions that pairwith the user terminal when the vehicle terminal inverse certificate isvalidated; and program instructions that perform Bluetooth communicationwith the paired user terminal.

Furthermore, according to embodiments of the present disclosure, anauthority server for supporting secure Bluetooth communication between avehicle terminal and a user terminal includes: an account managementunit configured to generate a user account based on informationassociated with the user terminal and the vehicle terminal receivedthrough a Bluetooth security app, provided by the authority server fromthe user terminal, and generate a server public key and a server privatekey for the user account, and an inverse certificate generation unitconfigured to generate a user terminal inverse certificate, in responseto a user terminal inverse certificate request message received from thevehicle terminal, and a vehicle terminal inverse certificate, inresponse to a vehicle terminal inverse certificate request messagereceived from the user terminal, and encrypt the user terminal inversecertificate and the vehicle terminal inverse certificate, respectively,with the server private key for transmitting respective encryptedmessages to the vehicle terminal and the user terminal.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other objects, features and advantages of the presentdisclosure will be more apparent from the following detailed descriptiontaken in conjunction with the accompanying drawings, in which likereference characters may refer to the same or similar parts throughoutthe different views. The drawings are not necessarily to scale, emphasisinstead being placed upon illustrating the principles of the embodimentsof the disclosure.

FIG. 1 is a configuration diagram of a system for performing secureBluetooth communication according to embodiments of the presentdisclosure.

FIG. 2 is a configuration diagram for describing an operation ofperforming secure Bluetooth communication between the vehicle terminaland the user terminal according to embodiments of the presentdisclosure.

FIG. 3 is a first flow chart of a method for performing secure Bluetoothcommunication according to embodiments of the present disclosure.

FIG. 4 is a second flow chart of a method for performing secureBluetooth communication according to embodiments of the presentdisclosure.

FIG. 5 is a third flow chart of a method for performing secure Bluetoothcommunication according to embodiments of the present disclosure.

FIG. 6 is a fourth flow chart of a method for performing secureBluetooth communication according to embodiments of the presentdisclosure.

DETAILED DESCRIPTION

Hereinafter, the present disclosure will be described with reference tothe accompanying drawings. In each drawing, like components are denotedby like reference numerals. Further, the detailed description of knownfunctions and/or components will be omitted. The following disclosedcontents mainly describe portions required to understand operationsaccording to embodiments and the description of elements which make thegist of the description obscure will be omitted.

Further, some of components of the drawings may be exaggerated, omitted,or schematically illustrated. A size of each component does notcompletely reflect a real size and therefore the contents disclosedherein are not limited by a relative size or interval of the componentsillustrated in the drawings.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the disclosure.As used herein, the singular forms “a”, “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”and/or “comprising,” when used in this specification, specify thepresence of stated features, integers, steps, operations, elements,and/or components, but do not preclude the presence or addition of oneor more other features, integers, steps, operations, elements,components, and/or groups thereof. As used herein, the term “and/or”includes any and all combinations of one or more of the associatedlisted items.

It is understood that the term “vehicle” or “vehicular” or other similarterm as used herein is inclusive of motor vehicles in general such aspassenger automobiles including sports utility vehicles (SUV), buses,trucks, various commercial vehicles, watercraft including a variety ofboats and ships, aircraft, and the like, and includes hybrid vehicles,electric vehicles, plug-in hybrid electric vehicles, hydrogen-poweredvehicles and other alternative fuel vehicles (e.g., fuels derived fromresources other than petroleum). As referred to herein, a hybrid vehicleis a vehicle that has two or more sources of power, for example bothgasoline-powered and electric-powered vehicles.

Additionally, it is understood that one or more of the below methods, oraspects thereof, may be executed by at least one control unit. The term“control unit” may refer to a hardware device that includes a memory anda processor. The memory is configured to store program instructions, andthe processor is configured to execute the program instructions toperform one or more processes which are described further below.Moreover, it is understood that the below methods may be executed by anapparatus comprising the control unit, such as the vehicle terminal 100,for example.

Furthermore, the control unit of the present disclosure may be embodiedas non-transitory computer readable media on a computer readable mediumcontaining executable program instructions executed by a processor,controller or the like. Examples of the computer readable mediumsinclude, but are not limited to, ROM, RAM, compact disc (CD)-ROMs,magnetic tapes, floppy disks, flash drives, smart cards and optical datastorage devices. The computer readable recording medium can also bedistributed in network coupled computer systems so that the computerreadable media is stored and executed in a distributed fashion, e.g., bya telematics server or a Controller Area Network (CAN).

Referring now to the disclosed embodiments, FIG. 1 is a configurationdiagram of a system for performing secure Bluetooth communicationaccording to embodiments of the present disclosure. Referring to FIG. 1,the system for performing secure Bluetooth communication may include avehicle terminal 100, an authority server 200 and a user terminal 300for performing secure Bluetooth communication.

In the present disclosure, only components involved in embodiments ofthe present disclosure will be described to prevent features ofembodiments of the present disclosure from obscuring. Therefore, aperson having ordinary skill in the art to which the present disclosurepertains may understand that other general-purpose components inaddition to components illustrated in FIG. 1 may be further provided.

A terminal according to embodiments may include a cell phone, asmartphone, a tablet personal computer (PC), a notebook computer, aterminal for digital broadcast, a digital camera, a portable gameterminal, a personal digital assistant (PDA), a portable multimediaplayer (PMP), a navigator and a printer provided with the camera module110. However, the terminal is not limited thereto, and may include anydata communication device or multimedia device and an application devicetherefor.

The vehicle terminal 100 may request a user terminal inverse certificateto the authority server 200. According to embodiments, the vehicleterminal 100 may transmit an encrypted message requesting the userterminal inverse certificate to the authority server 200 for security.For example, the vehicle terminal 100 may encrypt the request with ashared secure key, such as a server public key.

Furthermore, according to embodiments, the vehicle terminal 100 mayconcatenate the encrypted message with a temporary server ID forsecurity. The authority server 200 may generate the user terminalinverse certificate in response to the request of the vehicle terminal100. And then, the authority server 200 may transmit the generated userterminal inverse certificate to the vehicle terminal 100. According toembodiments, the authority server 200 may encrypt the generated userterminal inverse certificate for security and transmit the encryptedmessage including the user terminal inverse certificate to the vehicleterminal 100. Furthermore, according to embodiments, the authorityserver 200 may concatenate the encrypted message including the userterminal inverse certificate with a temporary vehicle terminal ID forsecurity.

Similarly, the user terminal 300 may request a vehicle terminal inversecertificate to the authority server 200. According to embodiments, theuser terminal 300 may transmit an encrypted message requesting thevehicle terminal inverse certificate to the authority server 200 forsecurity. For example, the user terminal 300 may encrypt the requestwith a shared secure key, such as a server public key. Furthermore,according to embodiments, the user terminal 300 may concatenate theencrypted message with a temporary server ID for security. The authorityserver 200 may generate the vehicle terminal inverse certificate inresponse to the request of the user terminal 300. And then, theauthority server 200 may transmit the generated vehicle terminal inversecertificate to the user terminal 300. According to embodiments, theauthority server 200 may encrypt the generated vehicle terminal inversecertificate for security and transmit the encrypted message includingthe vehicle terminal inverse certificate to the user terminal 300.Furthermore, according to embodiments, the authority server 200 mayconcatenate the encrypted message including the vehicle terminal inversecertificate with a temporary user terminal ID for security.

And then, the vehicle terminal 100 and the user terminal 300 mayexchange the inverse certificates respectively received from theauthority server 200 for validating each other. That is, the vehicleterminal 100 may receive the vehicle terminal inverse certificate fromthe user terminal 300 in exchange for the user terminal inversecertificate. Also, the user terminal 300 may receive the user terminalinverse certificate from the vehicle terminal 100 in exchange for thevehicle terminal inverse certificate. If the exchanged inversecertificates are validated respectively in the vehicle terminal 100 andthe user terminal 300, the vehicle terminal 100 and the user terminal300 may be paired for performing secure Bluetooth communication. Theacquisition of the inverse certificates respectively in the vehicleterminal 100 and the user terminal 300 will be described in detail withreference to FIG. 3.

As described above, the system for performing secure Bluetoothcommunication may provide a secure means for 2-way communication betweenthe vehicle terminal 100 and the user terminal 300. According toembodiments of the present disclosure, application source for 2-waycommunication may be embedded beyond the frame-ware of the user terminal300. In the system, the lower level software may be programmed into theuser terminal 300 at the manufacturing process of the user terminal 300.And then, a top level app may be downloaded into the user terminal 300from the authority server 200, and installation of the application maybe completed. Through this system, all messages beingtransmitted/received through the application will be encrypted.

FIG. 2 is a configuration diagram of a vehicle terminal 100 and a userterminal 300 for performing secure Bluetooth communication according toembodiments of the present disclosure.

Referring to FIG. 2, the vehicle terminal 100 may include a Bluetoothcommunication unit 110, a validation unit 120, a control unit 130, ahead unit 140, and a communication unit 150. The vehicle terminal 100and the user terminal 300 illustrated in FIG. 2 may correspond to thevehicle terminal 100 and the user terminal 300 illustrated in FIG. 1.Therefore, the overlapping description thereof will be omitted.

The Bluetooth communication unit 110 may perform paring with the userterminal 300 if the vehicle terminal inverse certificate is validated.The Bluetooth communication unit 110 may perform Bluetooth communicationwith the paired user terminal 300. Accordingly, Bluetooth communicationmay be performed between the vehicle terminal 100 and user terminal 300.

According to embodiments of the present disclosure, the Bluetoothcommunication unit 110 may include a BLE (Bluetooth low energy) 4.0controller 111 and a Bluetooth Classic 3.0 controller 112. However, thepresent disclosure is not limited thereto, and any one controller may beused.

As described above, the vehicle terminal 100 and the user terminal 300may perform secure Bluetooth communication through the validation of theexchanged inverse certificates. If the validation of the exchangedinverse certificates is succeeded, the user terminal 300 may initiallypair with the BLE 4.0 controller 111 in Bluetooth communication unit 110of the vehicle terminal 100. And then, the BLE 4.0 controller 111 maytransmit an authorized signal to the Bluetooth Classic 3.0 controller112 after the initial pairing is authorized by the BLE 4.0 controller111. In this way, the Bluetooth Classic 3.0 controller 112 may alsocommunicate with the user terminal 300. According to embodiments of thepresent disclosure, the initial pairing may be encrypted through arolling code generator. Furthermore, according to embodiments of thepresent disclosure, the Bluetooth Classic 3.0 controller may encrypt allmessages with a vehicle terminal private key and transmit the encryptedmessages to the user terminal 300.

The Bluetooth communication unit 110 may provide secure Bluetoothcommunication both for the control unit 130 and the head unit 140.

The validation unit 120 may validate a vehicle terminal inversecertificate received from the user terminal 300 in exchange for the userterminal inverse certificate. According to embodiments, the validationunit 120 may validate the received vehicle terminal inverse certificateusing the vehicle terminal private key. Furthermore, according toembodiments, the validation unit 120 may obtain a user terminal publickey through decryption of the received vehicle terminal inversecertificate.

The validation unit 120 may receive a server public key from theauthority server 200 through the communication unit 150 during setup ofa telematics service on the vehicle terminal 100. For example, thevalidation unit 120 may encrypt a user terminal inverse certificaterequest with the server public key. Or, the validation unit 120 maydecrypt a received message, encrypted with a server private key, withthe server public key.

The validation unit 120 may generate a vehicle terminal public key and avehicle terminal private key. For example, the validation unit 120 maydecrypt a received message, encrypted with a vehicle terminal publickey, with the vehicle terminal private key.

The validation unit 120 may transmit a user terminal inverse certificaterequest message to the authority server 200 through the communicationunit 150. According to embodiments of the present disclosure, thevalidation unit 120 may encrypt a user terminal inverse certificaterequest with the server public key. According to embodiments of thepresent disclosure, the validation unit 120 may concatenate theencrypted message including the user terminal inverse certificaterequest with a temporary server ID such as a server anonymous ID.

The validation unit 120 may receive a message from the authority server200 in response to the transmitting of the user terminal certificaterequest message. If the message is encrypted with the server private keyand the vehicle terminal public key, the validation unit 120 may decryptthe message with the server public key and the vehicle terminal privatekey, thereby, obtaining a user terminal inverse certificate from themessage.

The control unit 130 may control the overall system of the vehicleterminal 100. According to embodiments, the control unit 130 may controlat least one part of the overall system on the basis of commandsreceived from the user terminal 130. The control unit 130 may receivecommands from the vehicle terminal 100 or the user terminal 300.

The head unit 140 may include a microphone, a speaker, a display, or auser input. According to embodiments, contents included in the userterminal 300 may be output through the head unit 140 of the vehicleterminal.

The communication unit 150 may perform communication with an authorityserver 200. For example, the communication unit 150 may be connected tothe network through wireless communication or wired communication andcommunicate with the authority server 200. The wireless communicationmay include at least one of, for example, wireless fidelity (Wi-Fi),near field communication (NFC), GPS, or cellular communication. Thewired communication may include at least one of, for example, universalserial bus (USB), recommended standard (RS)-232, and plain old telephoneservice (POTS).

According to embodiments of the present disclosure, the vehicle terminalmay utilize personal information included in the user terminal 300 formedia streaming, vehicle control, and vehicle monitoring in the vehicleterminal 100. Also, when comparing with a conventional Bluetooth system,more amounts of capabilities is able to be streamed between the vehicleterminal 100 and the user terminal 300 due to secure Bluetoothcommunication.

FIG. 3 is a first flow chart of a method for performing secure Bluetoothcommunication according to embodiments of the present disclosure. Theflow chart illustrated in FIG. 6 may include steps which are processedin time series by the user terminal 300 illustrated in FIGS. 1 to 2.Therefore, even though omitted hereinafter, the contents described aboveregarding the user terminal 300 illustrated in FIGS. 1 to 2 may beapplied to the flow chart illustrated in FIG. 6.

In steps 301 to 305, the vehicle terminal 100, the authority server 200,and the user terminal 300 may generate its own public key and its ownprivate key, respectively. For example, in the authority server 200, aserver public key (PU_(S)) and a server private key (PR_(S)) may begenerated. In the vehicle terminal 100, a vehicle terminal public key(PUJ and a vehicle terminal private key (PR_(C)) may be generated. Inthe user terminal 300, a user terminal public key (PU_(SMn)) and a userterminal private key (PR_(SMn)) may be generated (n: user terminalidentification number). The server public key (PU_(S)) may betransmitted to the vehicle terminal 100 and the user terminal 300 duringsetup or installation. The authority server 200 may receive the vehicleterminal public key (PU_(C)) generated in the vehicle terminal 100, andthe user terminal public key (PU_(SMn)) generated in the user terminal300.

In step 311, the vehicle terminal 100 may generate a user terminalinverse certificate request message. For example, the vehicle terminal100 may encrypt a user terminal inverse certificate request(SM_(n-Cert Req)) with the server public key (PU_(S)). A message(E[PU_(S), SM_(n-Cert Req)]) generated through encryption may beconcatenated with a temporary server ID (A-ID_(S)). Accordingly, theuser terminal inverse certificate request message (E[PU_(S),SM_(n-Cert Req)]∥A-ID_(S)) may be generated through the encryption andthe concatenation.

In step 313, the vehicle terminal 100 may transmit the user terminalinverse certificate request message to the authority server 200. In theabove example, the user terminal inverse certificate request message(E[PU_(S), SM_(n-Cert Req)]∥A-ID_(S)) generated through the encryptionand the concatenation may be transmitted to the authority server 200 forsecurity.

In step 315, the authority server 200 may generate a user terminalinverse certificate. For security, the authority server 200 may encryptthe generated user terminal inverse certificate (SM_(n-Cert)) with thevehicle public key (PU_(C)) and the server private key (PR_(S)) andconcatenate a message (E[PR_(S), E(PU_(C), SM_(n-Cert))]) generatedthrough the encryption with a temporary vehicle terminal ID (A-ID_(C)).Accordingly, a message (E[PR_(S), E(PU_(C), SM_(n-Cert))]∥A-ID_(C))including the user terminal inverse certificate may be generated throughthe encryption and the concatenation.

In step 317, the authority server 200 may transmit the user terminalinverse certificate to the vehicle terminal 100. In the above example,the message (E[PR_(S), E(PU_(C), SM_(n-Cert))]∥A-ID_(C)) generatedthrough the encryption and the concatenation may be transmitted to thevehicle terminal 100 for security.

In step 319, the vehicle terminal 100 may obtain the user terminalinverse certificate. In the above example, the vehicle terminal 100 maydecrypt the message (E[PR_(S), E(PU_(C), SM_(n-Cert))]∥A-ID_(C))received from the authority server 200 with the server public key(PU_(S)) and the vehicle terminal private key (PR_(C)), therebyobtaining the user terminal inverse certificate (SM_(n-Cert)). Accordingto embodiments, steps 311 to 319 may be changed with steps 321 to 327 inorder.

In step 321, the user terminal 300 may generate a vehicle terminalinverse certificate request message. Similarly, as an example, the userterminal 300 may encrypt a vehicle terminal inverse certificate request(C_(Cert Req)) with the server public key (PU_(S)). A message (E[PU_(S),C_(cert Req)]) generated through encryption may be concatenated with atemporary server ID (A-ID_(S)). Accordingly, the user terminal inversecertificate request message (E[PU_(S), C_(Cert Req)]∥A-ID_(S)) may begenerated through the encryption and the concatenation.

In step 323, the user terminal 300 may transmit the vehicle terminalinverse certificate request message to the authority server 200. In theabove example, the vehicle terminal inverse certificate request message(E[PU_(S), C_(Cert Req)]∥A-ID_(S)) generated through the encryption andthe concatenation may be transmitted to the authority server 200 forsecurity.

In step 325, the authority server 200 may generate a vehicle terminalinverse certificate. For security, the authority server 200 may encryptthe generated vehicle terminal inverse certificate (C_(Cert)) with theuser public key (PU_(SMn)) and the server private key (PR_(S)) andconcatenate a message (E[PR_(S), E(PU_(SMn), C_(Cert))]) generatedthrough the encryption with a temporary user terminal ID (A-ID_(S)).Accordingly, a message (E[PR_(S), E(PU_(SMn), C_(Cert))]∥A-ID_(SMn))including the vehicle terminal inverse certificate may be generatedthrough the encryption and the concatenation.

In step 327, the authority server 200 may transmit the vehicle terminalinverse certificate to the user terminal 100. In the above example, themessage (E[PR_(S), E(PU_(Smn), C_(Cert))]∥A-ID_(SMn)) generated throughthe encryption and the concatenation may be transmitted to the userterminal 300 for security.

In step 329, the user terminal 300 may obtain the vehicle terminalinverse certificate. In the above example, the user terminal 300 maydecrypt the message (E[PR_(S), E(PU_(SMn), C_(Cert))]∥A-ID_(SMn))received from the authority server 200 with the server public key(PU_(S)) and the user terminal private key (PR_(SMn)), thereby obtainingthe vehicle terminal inverse certificate (C_(Cert)).

In step 331, the vehicle terminal 100 and the user terminal 300 mayexchange the inverse certificates with each other. That is, the vehicleterminal 100 may receive the vehicle terminal inverse certificate(C_(Cert)) from the user terminal 300 and the user terminal 300 mayreceive the user terminal inverse certificate (SM_(n-Cert)) from thevehicle terminal 100.

In steps 333 and 335, the vehicle terminal 100 and the user terminal 300may validate the vehicle terminal inverse certificate (C_(Cert)) and theuser terminal inverse certificate (SM_(n-cert)), respectively. Accordingto embodiments, the vehicle terminal 100 may validate the vehicleterminal inverse certificate (C_(cert)) using the vehicle terminalprivate key (PR_(C)) and obtain a user terminal public key (PU_(SMn))through decryption of the vehicle terminal inverse certificate(C_(Cert)). Similarly, the user terminal 300 may validate the userterminal inverse certificate (SM_(n-Cert)) using the user terminalprivate key (PR_(SMn)) and obtain a vehicle terminal public key (PU_(C))through decryption of the user terminal inverse certificate(SM_(n-Cert)).

According to embodiments of the present disclosure, after m times ofuses, new inverse certificates for both the vehicle terminal 100 and theuser terminal 300 may be generated by the authority server 200.Accordingly, the time expiration condition may be added to the generatedinverse certificates (Sm_(n-Cert)=(E[PU_(SMn), (PU_(C), A-ID_(SMn),A-ID_(C), Time, Expiration)], C_(cert)=(E[PU_(C), (PU_(SMn), A-ID_(C),A-ID_(SMn), Time, Expiration)])

FIG. 4 is a second flow chart of a method for performing secureBluetooth communication according to embodiments of the presentdisclosure. The flow chart illustrated in FIG. 4 may include steps whichare processed in time series by the authority server 200 illustrated inFIG. 1. Therefore, even though omitted hereinafter, the contentsdescribed above regarding the authority server 200 illustrated in FIG. 1may be applied to the flow chart illustrated in FIG. 4.

In step 410, the authority server 200 may receive information on thevehicle terminal 100 and the user terminal 300. For example, the usermay input information on the vehicle terminal 100 and the user terminal300 during registration on a website of the authority server 200.

In step 420, the authority server 200 may generate a user account on thebasis of the received information. As a result of the registration ofthe website, the user account may be created. When the user downloads aBluetooth security app from the authority server 200, only an access onthe website using the registered user terminal is allowable.

In step 430, the authority server 200 may generate a server public keyand a server private key.

In step 440, the authority server 200 may receive a vehicle terminalpublic key and a user terminal public key respectively from the vehicleterminal 100 and the user terminal 300.

In step 450, the authority server 200 may check whether an inversecertificate request is received from the vehicle terminal 100 or theuser terminal 300. The authority server 200 may proceed to step 460 whenan inverse certificate request is received. Otherwise, the authorityserver 200 may preform step 450 repeatedly for checking whether aninverse certificate request is received from the vehicle terminal 100 orthe user terminal 300.

In step 460, the authority server 200 may generate an inversecertificate according to the request from the vehicle terminal 100 orthe user terminal 300.

In step 470, the authority server 200 may encrypt an inverse certificatewith a server private key and a public key of the request terminal (thevehicle terminal 100 or the user terminal 300).

In step 480, the authority server 200 may transmit the encrypted inversecertificate to the vehicle terminal 100 or the user terminal 300.

FIG. 5 is a third flow chart of a method for performing secure Bluetoothcommunication according to embodiments of the present disclosure. Theflow chart illustrated in FIG. 5 may include steps which are processedin time series by the vehicle terminal 100 illustrated in FIGS. 1 to 2.Therefore, even though omitted hereinafter, the contents described aboveregarding the vehicle terminal 100 illustrated in FIGS. 1 to 2 may beapplied to the flow chart illustrated in FIG. 5.

In step 511, the vehicle terminal 100 may setup a telematics service onthe vehicle terminal 100.

In step 512, the vehicle terminal 100 may receive a server public keyfrom the authority server 200 during the setup of the telematicsservice. That is, the server public key may be shared between theauthority server 200 and the vehicle terminal 100.

In step 513, the vehicle terminal 100 may generate a vehicle terminalpublic key and a vehicle terminal private key.

In step 514, the vehicle terminal 100 may request the user terminalinverse certificate request message.

In step 515, the vehicle terminal 100 may check whether a user terminalinverse certificate is received. The vehicle terminal 100 may proceed tostep 516 when a user terminal inverse certificate is succeeded.Otherwise, the vehicle terminal 100 may preform step 515 repeatedly forchecking whether a user terminal inverse certificate is received fromthe authority server 200.

In step 516, the vehicle terminal 100 may obtain the user terminalinverse certificate by decryption of the received message from theauthority server 200.

In step 517, the vehicle terminal 100 may receive a vehicle terminalinverse certificate from the user terminal 300 in exchange for the userterminal inverse certificate.

In step 518, the vehicle terminal 100 may validate the vehicle terminalinverse certificate.

In step 519, the vehicle terminal 100 may check whether the validationof the vehicle terminal inverse certificate is succeeded. The vehicleterminal 100 may proceed to step 520 when the validation is succeeded.Otherwise, the vehicle terminal 100 may return to step 517 for receivingnew vehicle terminal inverse certificate from the user terminal 300.

In step 520, the vehicle terminal 100 may obtain a user terminal publickey through decryption of the vehicle terminal inverse certificate.

FIG. 6 is a fourth flow chart of a method for performing secureBluetooth communication according to embodiments of the presentdisclosure. The flow chart illustrated in FIG. 6 may include steps whichare processed in time series by the user terminal 300 illustrated inFIGS. 1 to 2. Therefore, even though omitted hereinafter, the contentsdescribed above regarding the user terminal 300 illustrated in FIGS. 1to 2 may be applied to the flow chart illustrated in FIG. 6.

In step 611, the user terminal 300 may install a Bluetooth security appon the user terminal 300.

In step 612, the user terminal 300 may receive a server public key fromthe authority server 200 during the installation of the Bluetoothsecurity app. That is, the server public key may be shared between theauthority server 200 and the user terminal 300.

In step 613, the user terminal 300 may generate a user terminal publickey and a user terminal private key.

In step 614, the user terminal 300 may request the vehicle terminalinverse certificate request message to the authority server 200.

In step 615, the user terminal 300 may check whether a vehicle terminalinverse certificate is received. The user terminal 300 may proceed tostep 616 when the vehicle terminal inverse certificate is received.Otherwise, the user terminal 300 may preform step 615 repeatedly forchecking whether a vehicle terminal inverse certificate is received fromthe authority server 200.

In step 616, the user terminal 300 may obtain the vehicle terminalinverse certificate by decryption of the message received from theauthority server 200.

In step 617, the user terminal 300 may receive a user terminal inversecertificate from the vehicle terminal 100 in exchange for the vehicleterminal inverse certificate.

In step 618, the user terminal 300 may validate the user terminalinverse certificate.

In step 619, the user terminal 300 may check whether the validation ofthe user terminal inverse certificate is succeeded. The user terminal300 may proceed to step 620 when the validation is succeeded. Otherwise,the user terminal 300 may return to step 617 for receiving new userterminal inverse certificate from the vehicle terminal 100.

In step 620, the user terminal 300 may obtain a vehicle terminal publickey through decryption of the user terminal inverse certificate.

All embodiments and conditional examples disclosed in the presentdisclosure are described to help a person having ordinary skilled in theart to which the present disclosure pertains to understand the principleand concept of the present disclosure. Those skilled in the art willunderstand that the present disclosure may be implemented in a modifiedform within a range which does not deviate from the disclosedcharacteristics of the present disclosure. Therefore, the embodimentsdescribed above should be considered as an illustration, rather than alimitation. It should be interpreted that the scope of the presentdisclosure is defined by the following claims, rather than theabove-mentioned detailed description, and all of differences within ascope equivalent thereto are included in the appended claims of thepresent disclosure.

What is claimed is:
 1. A vehicle terminal for performing secureBluetooth communication, comprising: a communication unit configured tocommunicate with an authority server; a validation unit configured totransmit a user terminal inverse certificate request message to theauthority server through the communication unit, obtain a user terminalinverse certificate from a message received from the authority server inresponse to the transmitted user terminal inverse certificate requestmessage, and validate a vehicle terminal inverse certificate receivedfrom the user terminal in exchange for the user terminal inversecertificate; and a Bluetooth communication unit configured to pair withthe user terminal when the vehicle terminal inverse certificate isvalidated, and perform Bluetooth communication with the paired userterminal.
 2. The vehicle terminal of claim 1, wherein the validationunit is configured to receive a server public key from the authorityserver through the communication unit during setup of a telematicsservice, and generate a vehicle terminal public key and a vehicleterminal private key.
 3. The vehicle terminal of claim 2, wherein theuser terminal inverse certificate request message is encrypted with thereceived server public key.
 4. The vehicle terminal of claim 3, whereinthe user terminal inverse certificate request message is concatenatedwith a temporary server ID.
 5. The vehicle terminal of claim 2, whereinthe message received from the authority server is encrypted with aserver private key and the vehicle terminal public key.
 6. The vehicleterminal of claim 5, wherein the message received from the authorityserver is concatenated with a temporary vehicle terminal ID.
 7. Thevehicle terminal of claim 5, wherein the validation unit is configuredto obtain the user terminal inverse certificate by decrypting themessage from the authority server with the vehicle terminal private key.8. The vehicle terminal of claim 2, wherein the validation unit isconfigured to validate the received vehicle terminal inverse certificateusing the vehicle terminal private key.
 9. The vehicle terminal of claim2, wherein the validation unit is configured to obtain a user terminalpublic key through decryption of the received vehicle terminal inversecertificate.
 10. An authority server for supporting secure Bluetoothcommunication between a vehicle terminal and a user terminal,comprising: an account management unit configured to generate a useraccount based on information associated with the user terminal and thevehicle terminal received through a Bluetooth security app, provided bythe authority server from the user terminal, and generate a serverpublic key and a server private key for the user account; and an inversecertificate generation unit configured to generate a user terminalinverse certificate, in response to a user terminal inverse certificaterequest message received from the vehicle terminal, and a vehicleterminal inverse certificate, in response to a vehicle terminal inversecertificate request message received from the user terminal, and encryptthe user terminal inverse certificate and the vehicle terminal inversecertificate, respectively, with the server private key for transmittingrespective encrypted messages to the vehicle terminal and the userterminal.
 11. The authority server of claim 10, wherein the accountmanagement unit is configured to receive a user terminal public key fromthe user terminal during installation of the Bluetooth security app onthe user terminal and a vehicle terminal public key from the vehicleterminal during setup of a telematics service on the vehicle terminal.12. The authority server of claim 10, wherein the inverse certificategeneration unit is configured to encrypt the user terminal inversecertificate with the server private key and a vehicle terminal publickey, and the vehicle terminal inverse certificate with the serverprivate key and a user terminal public key.
 13. The authority server ofclaim 12, wherein the inverse certificate generation unit is configuredto concatenate messages generated through the encryption of the userterminal inverse certificate and the vehicle terminal inversecertificate with a temporary vehicle terminal ID and a temporary userterminal ID, respectively, and transmit the concatenated messages to thevehicle terminal and the user terminal, respectively.
 14. The authorityserver of claim 10, wherein the user terminal inverse certificaterequest message is encrypted with the server public key, and the inversecertificate generation unit is configured to decrypt the user terminalinverse certificate request message with the server private key.
 15. Theauthority server of claim 10, wherein the vehicle terminal inversecertificate request message is encrypted with the server public key, andthe inverse certificate generation unit is configured to decrypt thevehicle terminal inverse certificate request message with the serverprivate key.
 16. A method for performing secure Bluetooth communicationbetween a vehicle terminal and a user terminal, comprising:transmitting, by a vehicle terminal, a user terminal inverse certificaterequest message to an authority server; receiving, at the vehicleterminal, a message from the authority server in response to thetransmission of the user terminal inverse certificate request message;obtaining, by the vehicle terminal, a user terminal inverse certificatefrom the message received from the authority server; receiving, at thevehicle terminal, a vehicle terminal inverse certificate from the userterminal in exchange for the user terminal inverse certificate;validating, by the vehicle terminal, the vehicle terminal inversecertificate; pairing, by the vehicle terminal, with the user terminalwhen the vehicle terminal inverse certificate is validated; andperforming, by the vehicle terminal, Bluetooth communication with thepaired user terminal.
 17. The method of claim 16, wherein thetransmitting of the user terminal inverse certificate request messageincludes: encrypting the user terminal inverse certificate requestmessage with a server public key; concatenating the encrypted userterminal inverse certificate request message with a temporary server ID;and transmitting the encrypted user terminal inverse certificate requestmessage concatenated with the temporary server ID to the authorityserver.
 18. The method of claim 16, wherein the obtaining of the userterminal inverse certificate includes obtaining the user terminalinverse certificate by decrypting the message received from theauthority server with a server public key and a vehicle terminal privatekey.
 19. The method of claim 16, further comprising: receiving, at thevehicle terminal, a server public key from the authority server throughsetup of a telematics service; and generating, by the vehicle terminal,a vehicle terminal public key and a vehicle terminal private key. 20.The method of claim 19, wherein the validating of the vehicle terminalinverse certificate includes: validating the vehicle terminal inversecertificate using the vehicle terminal private key; and obtaining a userterminal public key through decryption of the vehicle terminal inversecertificate.
 21. A non-transitory computer readable medium containingprogram instructions for performing secure Bluetooth communicationbetween a vehicle terminal and a user terminal, the computer readablemedium comprising: program instructions that transmit a user terminalinverse certificate request message to an authority server; programinstructions that receive a message from the authority server inresponse to the transmission of the user terminal inverse certificaterequest message; program instructions that obtain a user terminalinverse certificate from the message received from the authority server;program instructions that receive a vehicle terminal inverse certificatefrom the user terminal in exchange for the user terminal inversecertificate; program instructions that validate the vehicle terminalinverse certificate; program instructions that pair with the userterminal when the vehicle terminal inverse certificate is validated; andprogram instructions that perform Bluetooth communication with thepaired user terminal.